I think there is a bug in ASN1_time_parse(3): if tm is not NULL then it
is not zero'd before parsing and the year value is added instead of set.
diff --git a/lib/libcrypto/asn1/a_time_tm.c b/lib/libcrypto/asn1/a_time_tm.c
index b6e22cbd27b..a841f32a856 100644
--- a/lib/libcrypto/asn1/a_time_tm.c
+++ b/lib/libcrypto/asn1/a_time_tm.c
@@ -196,7 +196,7 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm
*tm, int mode)
return (-1);
type = V_ASN1_UTCTIME;
}
- lt->tm_year += ATOI2(p); /* yy */
+ lt->tm_year = ATOI2(p); /* yy */
if (type == V_ASN1_UTCTIME) {
if (lt->tm_year < 50)
lt->tm_year += 100;
